Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 2 of 2 FirstFirst 12
Results 16 to 20 of 20
  1. #16
    Regular Coder d'Anconia's Avatar
    Join Date
    Jan 2010
    Location
    Tempe, AZ
    Posts
    149
    Thanks
    16
    Thanked 6 Times in 6 Posts
    Quote Originally Posted by glenngv View Post
    You appended the img object before its src is set.

    Code:
    var actualImg = document.createElement('img');
    imageLink.appendChild(actualImg); //<----you appended the <img> to the <a>
    actualImg.removeAttribute("style");
    var imgSrc = reorderResponse[i].imagePath;
    actualImg.src="products/images/" + imgSrc; //<----but you only set the img src here
    LOL Thank you. I checked my script and I was also missing several appendChild steps. Thank you!
    Datagonia Web (My Portfolio)

    Powerful ideas for all lovers of personal and political freedom:
    Freedomain Radio
    Free Talk Live

  2. #17
    Senior Coder rnd me's Avatar
    Join Date
    Jun 2007
    Location
    Urbana
    Posts
    4,184
    Thanks
    10
    Thanked 569 Times in 550 Posts
    Quote Originally Posted by glenngv View Post
    Using eval instead of JSON.parse is not a good idea. Using eval is more vulnerable to attacks and is much slower.
    1. despite the chicken-little style warnings, i've never seen an attack using eval on a supposed data source. people use google CDN scripts all the time, even from https. The fact that most people use JSON.parse likely means an attack requiring eval has a limited vector and a huge failure footprint.


    2. the charts on performance seem to indicate that it's roughly 2-3X faster to use parse instead of eval. But, since it's typically a one-time operation, 1mb data /sec is not really noticeably faster than 400kb /sec.
    aside from that, you are advocating a user-land JSON.parse() and if you compare that to eval(), eval() beats the pants off of a json2.js-style add-on.


    i'm not saying don't use parse, i'm just saying that the reasons for not using eval() are not terribly compelling.

    Still, it's better to use Function("return "+strJSON)() instead of eval as its faster and safer.


    you can do something like this for a more secure "poor man's parser" where JSON is not built-in (ala IE7, ASP, JSC.exe, etc):
    Code:
    function parse(strJSON){
        var window, self, document, top, alert, eval, require, module, Response;
        return Function("return "+strJSON)();
    }
    Last edited by rnd me; 03-20-2013 at 07:28 PM.
    my site (updated 13/9/26)
    BROWSER STATS [% share] (2014/1/19) IE7:0.2, IE8:6.7, IE11:7.4, IE9:3.8, IE10:4.4, FF:18.3, CH:43.6, SF:7.8, MOBILE:27.5

  3. #18
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    10,964
    Thanks
    0
    Thanked 236 Times in 233 Posts
    But if you are expecting a JSON format in the ajax responseText, then you would naturally make sure that a valid JSON object is returned. If you use eval, then any JS expression could be returned and evaluated and your code will fail even if eval returns no error (valid JS expression) if invalid JSON is returned.

  4. #19
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Quote Originally Posted by glenngv View Post
    Using eval instead of JSON.parse is not a good idea. Using eval is more vulnerable to attacks and is much slower.
    I would never do that in production code. I just did it for a quick and dirty test. Just to make sure his JSON was indeed legal. Tell you the truth, I didn't know the IE9 had JSON built in and that happened to be the browser I had open at the time. I later discovered that works in IE9. But I don't think it works in IE8? Or is it just IE7?
    Last edited by Old Pedant; 03-21-2013 at 12:11 AM.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  5. #20
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    I do not fully understand why Javascript is unable to loop through the JSON object as if it were an array, especially when the top-dimension variables / keys are numbers (ie easily sortable). Can anyone elaborate on this in layman's terms?
    Okay. In simplest possible terms:

    An array is an array. An object with property values is not an array.

    Just because we can use the same notation to access array elements as we can to access object properties does not make them the same. Heck, we use a period between the integer and fractional parts of a number, but that doesn't make the number 3.1415 the same as an object.property reference. Similar syntax does not necessarily denote similar underlying capabilities.

    Perhaps we could also point out that you can't give numbers to array elements as part of the expression on the right hand side of the assignment (=) operator.

    That is, you must code
    Code:
    whatever[3] = "something";
    never
    Code:
    whatever = [3,"something"];
    or anything similar.

    There's a *HUGE* difference between
    Code:
    whatever = [3,"something"];
    and
    whatever = { 3 : "something" };
    The former creates an array of two elements: whatever[0]==3, whatever[1]=="something".
    The latter creates an object with one property: whatever["3"]=="something".

    Notice that I coded ["3"] there and not [3]. Actually, whatever[3] would have worked, but of course it's very misleading in appearance. It's just another case of JS silently converting a number to a string for you.

    Which is one reason that I avoid using object property names that look like numbers or even that start with digits.

    For one thing, if you do
    Code:
    whatever = { "p3" : "something" };
    Then you can code alert( whatever.p3 )

    Whereas if you do
    Code:
    whatever = { "3" : "something" };
    Then KABLOOEY if you try to code alert( whatever.3 )

    So although your use of numbers-as-strings for the top-level property names in your JSON object works, it's not something I would ever do. If nothing else, I would give them a prefix (e.g., "item0" : {.... } ).
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.


 
Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •